The present invention relates generally to the field of computer security. In general, a computing device may have one or more vulnerabilities that can be leveraged by malicious code to compromise the computing device. Malicious code may also be introduced onto a computing device by deceiving a user. Malicious code running on a compromised machine may install additional malware components. Computer security is improved through the detection of malicious software (“malware”) that either uses malicious code to exploit vulnerabilities (or deceive users) and repurpose infected computers or performs malicious actions once installed on a compromised host. Once malware is detected and the exploits are understood, security systems may be designed to recognize and block the malware and the vulnerabilities may be patched.